<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" >
< head >
< meta http-equiv = "Content-Type" content = "text/xhtml;charset=UTF-8" / >
< title > Snort AI preprocessor module: correlation.c File Reference< / title >
< link href = "tabs.css" rel = "stylesheet" type = "text/css" / >
< link href = "search/search.css" rel = "stylesheet" type = "text/css" / >
< script type = "text/javaScript" src = "search/search.js" > < / script >
< link href = "doxygen.css" rel = "stylesheet" type = "text/css" / >
< / head >
< body onload = 'searchBox.OnSelectItem(0);' >
<!-- Generated by Doxygen 1.7.1 -->
< script type = "text/javascript" > < ! - -
var searchBox = new SearchBox("searchBox", "search",false,'Search');
-->< / script >
< div class = "navigation" id = "top" >
< div class = "tabs" >
< ul class = "tablist" >
< li > < a href = "index.html" > < span > Main Page< / span > < / a > < / li >
< li > < a href = "modules.html" > < span > Modules< / span > < / a > < / li >
< li > < a href = "annotated.html" > < span > Data Structures< / span > < / a > < / li >
< li class = "current" > < a href = "files.html" > < span > Files< / span > < / a > < / li >
< li id = "searchli" >
< div id = "MSearchBox" class = "MSearchBoxInactive" >
< span class = "left" >
< img id = "MSearchSelect" src = "search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
< input type = "text" id = "MSearchField" value = "Search" accesskey = "S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
< / span > < span class = "right" >
< a id = "MSearchClose" href = "javascript:searchBox.CloseResultsWindow()" > < img id = "MSearchCloseImg" border = "0" src = "search/close.png" alt = "" / > < / a >
< / span >
< / div >
< / li >
< / ul >
< / div >
< div class = "tabs2" >
< ul class = "tablist" >
< li > < a href = "files.html" > < span > File List< / span > < / a > < / li >
< li > < a href = "globals.html" > < span > Globals< / span > < / a > < / li >
< / ul >
< / div >
< / div >
< div class = "header" >
< div class = "summary" >
< a href = "#nested-classes" > Data Structures< / a > |
< a href = "#enum-members" > Enumerations< / a > |
< a href = "#func-members" > Functions< / a > |
< a href = "#var-members" > Variables< / a > < / div >
< div class = "headertitle" >
< h1 > correlation.c File Reference< / h1 > < / div >
< / div >
< div class = "contents" >
< code > #include " < a class = "el" href = "spp__ai_8h_source.html" > spp_ai.h< / a > " < / code > < br / >
< code > #include < stdio.h> < / code > < br / >
< code > #include < stdlib.h> < / code > < br / >
< code > #include < string.h> < / code > < br / >
< code > #include < unistd.h> < / code > < br / >
< code > #include < time.h> < / code > < br / >
< code > #include < math.h> < / code > < br / >
< code > #include < alloca.h> < / code > < br / >
< code > #include < sys/stat.h> < / code > < br / >
< code > #include < pthread.h> < / code > < br / >
< code > #include < libxml/xmlreader.h> < / code > < br / >
< table class = "memberdecls" >
< tr > < td colspan = "2" > < h2 > < a name = "nested-classes" > < / a >
Data Structures< / h2 > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > struct < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "structAI__alert__correlation__key.html" > AI_alert_correlation_key< / a > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > struct < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "structAI__alert__correlation.html" > AI_alert_correlation< / a > < / td > < / tr >
< tr > < td colspan = "2" > < h2 > < a name = "enum-members" > < / a >
Enumerations< / h2 > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > enum < / td > < td class = "memItemRight" valign = "bottom" > { < br / >
< a class = "el" href = "group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8" > inHyperAlert< / a > ,
< a class = "el" href = "group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d" > inSnortIdTag< / a > ,
< a class = "el" href = "group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f" > inPreTag< / a > ,
< a class = "el" href = "group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f" > inPostTag< / a > ,
< br / >
< a class = "el" href = "group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67" > TAG_NUM< / a >
< br / >
}< / td > < / tr >
< tr > < td colspan = "2" > < h2 > < a name = "func-members" > < / a >
Functions< / h2 > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE void < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#ga9bcb94264ffe30f113f3fb7287b774e3" > _AI_correlation_table_cleanup< / a > ()< / td > < / tr >
< tr > < td class = "mdescLeft" > < / td > < td class = "mdescRight" > Clean up the correlation hash table. < a href = "group__correlation.html#ga9bcb94264ffe30f113f3fb7287b774e3" > < / a > < br / > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE void < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#ga4267a39fa1a5ac035015823bca43288e" > _AI_print_correlated_alerts< / a > (< a class = "el" href = "structAI__alert__correlation.html" > AI_alert_correlation< / a > *corr, FILE *fp)< / td > < / tr >
< tr > < td class = "mdescLeft" > < / td > < td class = "mdescRight" > Recursively write a flow of correlated alerts to a .dot file, ready to be rendered as a graph. < a href = "group__correlation.html#ga4267a39fa1a5ac035015823bca43288e" > < / a > < br / > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE char * < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#ga7a1b2d01f526f24ea91d7f08bdefd4fe" > _AI_get_function_name< / a > (const char *orig_stmt)< / td > < / tr >
< tr > < td class = "mdescLeft" > < / td > < td class = "mdescRight" > Get the name of the function called by a pre-condition or post-condition predicate. < a href = "group__correlation.html#ga7a1b2d01f526f24ea91d7f08bdefd4fe" > < / a > < br / > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE char ** < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#gab716702cd226ab2ad957234a92da6e4a" > _AI_get_function_arguments< / a > (char *orig_stmt, int *n_args)< / td > < / tr >
< tr > < td class = "mdescLeft" > < / td > < td class = "mdescRight" > Get the arguments passed to a function predicate in a pre-condition or post-condition (comma-separated values). < a href = "group__correlation.html#gab716702cd226ab2ad957234a92da6e4a" > < / a > < br / > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE double < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#ga9cb283b28a66829574add58a251b93c6" > _AI_correlation_coefficient< / a > (< a class = "el" href = "struct__AI__snort__alert.html" > AI_snort_alert< / a > *a, < a class = "el" href = "struct__AI__snort__alert.html" > AI_snort_alert< / a > *b)< / td > < / tr >
< tr > < td class = "mdescLeft" > < / td > < td class = "mdescRight" > Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A)) / UNION(pre(B), post(A)). < a href = "group__correlation.html#ga9cb283b28a66829574add58a251b93c6" > < / a > < br / > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE void < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#ga70a4aaf8b689472dad62ba7a9bbde1a6" > _AI_macro_subst< / a > (< a class = "el" href = "struct__AI__snort__alert.html" > AI_snort_alert< / a > **alert)< / td > < / tr >
< tr > < td class = "mdescLeft" > < / td > < td class = "mdescRight" > Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values. < a href = "group__correlation.html#ga70a4aaf8b689472dad62ba7a9bbde1a6" > < / a > < br / > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE < a class = "el" href = "structAI__hyperalert__info.html" > AI_hyperalert_info< / a > * < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65" > _AI_hyperalert_from_XML< / a > (< a class = "el" href = "structAI__hyperalert__key.html" > AI_hyperalert_key< / a > key)< / td > < / tr >
< tr > < td class = "mdescLeft" > < / td > < td class = "mdescRight" > Parse info about a hyperalert from a correlation XML file, if it exists. < a href = "group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65" > < / a > < br / > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > void * < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" > AI_alert_correlation_thread< / a > (void *arg)< / td > < / tr >
< tr > < td class = "mdescLeft" > < / td > < td class = "mdescRight" > Thread for correlating clustered alerts. < a href = "group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" > < / a > < br / > < / td > < / tr >
< tr > < td colspan = "2" > < h2 > < a name = "var-members" > < / a >
Variables< / h2 > < / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE < a class = "el" href = "structAI__hyperalert__info.html" > AI_hyperalert_info< / a > * < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2" > hyperalerts< / a > = NULL< / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE < a class = "el" href = "structAI__config.html" > AI_config< / a > * < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca" > conf< / a > = NULL< / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE < a class = "el" href = "struct__AI__snort__alert.html" > AI_snort_alert< / a > * < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe" > alerts< / a > = NULL< / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE < a class = "el" href = "structAI__alert__correlation.html" > AI_alert_correlation< / a > * < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021" > correlation_table< / a > = NULL< / td > < / tr >
< tr > < td class = "memItemLeft" align = "right" valign = "top" > PRIVATE < a class = "el" href = "spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd" > BOOL< / a > < / td > < td class = "memItemRight" valign = "bottom" > < a class = "el" href = "group__correlation.html#gafebc81c042a632dc987e113b7f390274" > lock_flag< / a > = false< / td > < / tr >
< / table >
< / div >
<!-- - window showing the filter options -->
< div id = "MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
< a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(0)" > < span class = "SelectionMark" > < / span > All< / a > < a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(1)" > < span class = "SelectionMark" > < / span > Data Structures< / a > < a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(2)" > < span class = "SelectionMark" > < / span > Files< / a > < a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(3)" > < span class = "SelectionMark" > < / span > Functions< / a > < a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(4)" > < span class = "SelectionMark" > < / span > Variables< / a > < a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(5)" > < span class = "SelectionMark" > < / span > Typedefs< / a > < a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(6)" > < span class = "SelectionMark" > < / span > Enumerations< / a > < a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(7)" > < span class = "SelectionMark" > < / span > Enumerator< / a > < a class = "SelectItem" href = "javascript:void(0)" onclick = "searchBox.OnSelectItem(8)" > < span class = "SelectionMark" > < / span > Defines< / a > < / div >
<!-- iframe showing the search results (closed by default) -->
< div id = "MSearchResultsWindow" >
< iframe src = "" frameborder = "0"
name="MSearchResults" id="MSearchResults">
< / iframe >
< / div >
< hr class = "footer" / > < address class = "footer" > < small > Generated on Tue Sep 14 2010 19:23:42 for Snort AI preprocessor module by
< a href = "http://www.doxygen.org/index.html" >
< img class = "footer" src = "doxygen.png" alt = "doxygen" / > < / a > 1.7.1 < / small > < / address >
< / body >
< / html >